1. Field of the Invention
The present invention discloses a control system and method for network service and function of virtual desktop, and in particular, to a control system and method for network service and function of virtual desktop in a cloud computing platform which can provide different users with different network service access permissions. A manager can use a network service access controller to configure different user service groups, network service, and IP routing access permissions for each user service group. The access controller can also process a configuration of a connection for a user based on the access permission given to that user. The present invention can give each user a different and independent IP. Therefore, the routing and network service configuration of users are individual and independent so as to avoid interference with each other, thereby enhancing flexibility and scalability of the system.
2. Description of the Prior Art
A company typically establishes a centralized information system and database working environment to protect information security and the personal information of its employees, and provides a remote desktop environment through which employees connect to the central server to do their work. There are at least two problems with this structure. First, when an employee is outside the company's office, he/she has to establish a connection that passes through the internet and the firewall into the company intranet via a virtual private network (VPN). Once connected, the employee has access permission to any information system in the intranet. In other words, there is no existing technique or method to limit an employee's permission to access the inner information systems of the company once the employee is logged in to the intranet by VPN or a remote desktop technique. Second, with the existing remote desktop technique, all remote users share the same IP address when logged into the same server, so it is difficult for software or an information system to tell different users apart. Furthermore, the company cannot provide different access to different users according to their IDs. Taiwan patent application No. 200841.652 entitled, “STRATEGIES FOR SECURELY APPLYING CONNECTION POLICIES VIA A GATEWAY,” discloses a strategy for security access permission in a system that includes providing a gateway between clients and the remote desktop server to protect access to the server. However, this strategy does not describe how to differentiate the connections of different users and does not solve the access permission and IP routing problems of the inner information network in a company.
In order to solve the above-mentioned issues, the present invention automatically gives each user a temporary and independent IP when the user logs into the central desktop server. Furthermore, the present invention can automatically generate a service management function according to the temporary and independent IP of each user, and limit a user in a specific service group to the network service access configured for that service group. This provides an efficient, flexible, and safe virtual desktop service for companies.
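The following sketch models the mechanism described above: a temporary, independent IP per login, and allow rules derived from the user's service group and keyed on that IP. It is an added illustration, not code from the patent; the class and method names, the address pool, the groups and the ports are all hypothetical and constructed for the example.

```python
import ipaddress


class AccessController:
    """Hypothetical model of the network service access controller."""

    def __init__(self, pool_cidr, group_services, user_groups):
        self._free = list(ipaddress.ip_network(pool_cidr).hosts())
        self.group_services = group_services  # group -> [(destination CIDR, port)]
        self.user_groups = user_groups        # user -> service group
        self.sessions = {}                    # user -> temporary IP
        self.rules = {}                       # source IP -> [(network, port)]

    def login(self, user):
        """Allocate a temporary, independent IP and derive its allow rules."""
        if user in self.sessions:
            return self.sessions[user]
        group = self.user_groups[user]        # KeyError for an unknown user
        if not self._free:
            raise RuntimeError("IP pool exhausted")
        ip = self._free.pop(0)
        self.sessions[user] = ip
        self.rules[ip] = [(ipaddress.ip_network(cidr), port)
                          for cidr, port in self.group_services.get(group, [])]
        return ip

    def logout(self, user):
        """Remove the rules with the session so a reused IP inherits nothing."""
        ip = self.sessions.pop(user)
        del self.rules[ip]
        self._free.append(ip)

    def allowed(self, src_ip, dst_ip, port):
        """Default deny: permit only flows matching a rule for this source IP."""
        src = ipaddress.ip_address(src_ip)
        dst = ipaddress.ip_address(dst_ip)
        return any(dst in net and port == p
                   for net, p in self.rules.get(src, []))


# Constructed sample configuration (not from the patent).
GROUPS = {
    "finance": [("10.1.0.0/24", 443)],
    "engineering": [("10.2.0.0/24", 22), ("10.2.0.0/24", 443)],
}
USERS = {"alice": "finance", "bob": "engineering"}


def new_controller():
    return AccessController("192.168.50.0/29", GROUPS, USERS)
```

Because the rules are keyed on the per-session source IP, two users on the same desktop server are distinguishable at the network layer, which is the property the shared-IP remote desktop setup lacks.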